10 matches found
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. In Redis 7.0, before version 7.0.12, extracting key names from a command and a list of arguments could, in some cases, trigger a heap overflow, leading to the reading of random heap memory, heap corruption, and potentially remote code...
EUVD-2019-19729
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
EUVD-2023-54607
Malicious code in bioql PyPI...
Redis 安全漏洞
Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis versions 7.0.0 through prior to 7.0.12, which stems from a...
OESA-2021-1001 dnsmasq security update
Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...
Dnsmasq 缓冲区错误漏洞
Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in the way dnsmasq extracts names from DNS packets before...
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...
USN-4698-1: Dnsmasq vulnerabilities
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. CVE-2020-25681, CVE-2020-25687 Moshe Kol and Shlomi Oberman...
axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...
axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...